bloby-bot 0.60.1 → 0.62.0

package/supervisor/channels/telegram.ts

@@ -0,0 +1,360 @@
+/**
+ * Telegram channel provider — DIRECT Bot API, no relay in the message path.
+ *
+ * Unlike Alexa (relay-mediated, degenerate provider), this provider holds the
+ * user's OWN @BotFather bot token (pasted at connect time) and long-polls
+ * `getUpdates` straight against api.telegram.org — no relay anywhere. Every
+ * inbound/outbound message (including media) flows Bloby ↔ Telegram directly.
+ * Outbound HTTPS only: works behind NAT, no public URL, no relay egress.
+ *
+ * It is lighter than the WhatsApp/Baileys provider (no reverse-engineered
+ * protocol, no QR, no auth-state files) — just a token string and a poll loop.
+ */
+
+import { loadConfig } from '../../shared/config.js';
+import { log } from '../../shared/logger.js';
+import type { ChannelProvider, ChannelStatus, ChannelType } from './types.js';
+
+const TG_API = 'https://api.telegram.org';
+const POLL_TIMEOUT_S = 25;          // long-poll hold time
+const MAX_MESSAGE_CHARS = 4096;     // Telegram hard limit per sendMessage
+const TYPING_REFRESH_MS = 5_000;    // Telegram "typing" expires ~5s
+
+/** Image extracted from an inbound Telegram message. */
+export interface TelegramImageAttachment {
+  mediaType: string;
+  data: string; // base64
+}
+
+/** Normalized inbound message handed to the ChannelManager. */
+export interface TelegramInbound {
+  /** Chat id (string form of the numeric Telegram chat.id). Reply target. */
+  chatId: string;
+  /** Sender's numeric Telegram user id (string). */
+  fromUserId: string;
+  /** Display name (first name / @username) if available. */
+  senderName?: string;
+  text: string;
+  isGroup: boolean;
+  messageId?: number;
+  images?: TelegramImageAttachment[];
+}
+
+export type OnTelegramMessage = (msg: TelegramInbound) => void;
+export type TranscribeFn = (audioBase64: string) => Promise<string | null>;
+
+export class TelegramChannel implements ChannelProvider {
+  readonly type: ChannelType = 'telegram';
+
+  private token: string | null = null;
+  private botUsername: string | null = null;
+  private connected = false;
+  private offset = 0;
+  private intentionalDisconnect = false;
+  private pollAbort: AbortController | null = null;
+  private reconnectTimer: ReturnType<typeof setTimeout> | null = null;
+  private typingIntervals = new Map<string, ReturnType<typeof setInterval>>();
+
+  private onMessage: OnTelegramMessage;
+  private onStatusChange: (status: ChannelStatus) => void;
+  private transcribe: TranscribeFn | null;
+
+  constructor(
+    onMessage: OnTelegramMessage,
+    onStatusChange: (status: ChannelStatus) => void,
+    transcribe?: TranscribeFn,
+  ) {
+    this.onMessage = onMessage;
+    this.onStatusChange = onStatusChange;
+    this.transcribe = transcribe || null;
+  }
+
+  private api(method: string): string {
+    return `${TG_API}/bot${this.token}/${method}`;
+  }
+
+  hasCredentials(): boolean {
+    return !!loadConfig().channels?.telegram?.botToken;
+  }
+
+  getQrCode(): string | null {
+    return null;
+  }
+
+  getStatus(): ChannelStatus {
+    return {
+      channel: 'telegram',
+      connected: this.connected,
+      info: {
+        botUsername: this.botUsername || loadConfig().channels?.telegram?.botUsername || null,
+        linked: this.hasCredentials(),
+        hasCredentials: this.hasCredentials(),
+      },
+    };
+  }
+
+  async connect(): Promise<void> {
+    this.intentionalDisconnect = false;
+    const cfg = loadConfig().channels?.telegram;
+    if (!cfg?.botToken) {
+      log.warn('[telegram] No bot token configured — not connecting');
+      return;
+    }
+    this.token = cfg.botToken;
+    this.botUsername = cfg.botUsername || null;
+
+    // getMe confirms the token and learns the @username.
+    try {
+      const me = await this.call('getMe', {});
+      if (me?.username) this.botUsername = me.username;
+      log.ok(`[telegram] Connected as @${this.botUsername || 'unknown'} (id=${me?.id || '?'})`);
+    } catch (err: any) {
+      log.warn(`[telegram] getMe failed: ${err.message} — will retry in poll loop`);
+    }
+
+    this.connected = true;
+    this.emitStatus();
+    this.pollLoop(); // fire and forget
+  }
+
+  async disconnect(): Promise<void> {
+    this.intentionalDisconnect = true;
+    if (this.reconnectTimer) { clearTimeout(this.reconnectTimer); this.reconnectTimer = null; }
+    if (this.pollAbort) { try { this.pollAbort.abort(); } catch {} this.pollAbort = null; }
+    for (const interval of this.typingIntervals.values()) clearInterval(interval);
+    this.typingIntervals.clear();
+    this.connected = false;
+    this.emitStatus();
+  }
+
+  // ── Outbound ──────────────────────────────────────────────────────────────
+
+  async sendMessage(to: string, text: string): Promise<void> {
+    if (!this.token) { log.warn('[telegram] Cannot send — no token'); return; }
+    this.stopTyping(to);
+    // Telegram caps messages at 4096 chars — split on the limit.
+    for (const chunk of splitMessage(text, MAX_MESSAGE_CHARS)) {
+      try {
+        await this.call('sendMessage', { chat_id: to, text: chunk, link_preview_options: { is_disabled: true } });
+      } catch (err: any) {
+        log.warn(`[telegram] sendMessage to ${to} failed: ${err.message}`);
+        return;
+      }
+    }
+    log.info(`[telegram] Sent message to ${to} (${text.length} chars)`);
+  }
+
+  /** Send an image natively (used by ChannelManager for <BlobyImage> tags). */
+  async sendImage(to: string, image: Buffer, caption?: string, mimetype?: string): Promise<void> {
+    if (!this.token) { log.warn('[telegram] Cannot send image — no token'); return; }
+    this.stopTyping(to);
+    try {
+      const form = new FormData();
+      form.append('chat_id', to);
+      if (caption) form.append('caption', caption.slice(0, 1024));
+      const ext = (mimetype?.split('/')[1] || 'png').replace('jpeg', 'jpg');
+      form.append('photo', new Blob([new Uint8Array(image)], { type: mimetype || 'image/png' }), `image.${ext}`);
+      const r = await fetch(this.api('sendPhoto'), { method: 'POST', body: form });
+      if (!r.ok) throw new Error(`HTTP ${r.status}`);
+      log.info(`[telegram] Sent image to ${to}`);
+    } catch (err: any) {
+      log.warn(`[telegram] sendImage to ${to} failed: ${err.message}`);
+    }
+  }
+
+  /** Show "typing…" — refreshes every 5s since Telegram's indicator expires. */
+  startTyping(to: string): void {
+    if (!this.token || !this.connected) return;
+    this.stopTyping(to);
+    let ticks = 0;
+    const send = () => {
+      // Cap the refresh (~2 min) so a turn that ends without a reply can't leave a stuck indicator.
+      if (++ticks > 24) { this.stopTyping(to); return; }
+      this.call('sendChatAction', { chat_id: to, action: 'typing' }).catch(() => {});
+    };
+    send();
+    this.typingIntervals.set(to, setInterval(send, TYPING_REFRESH_MS));
+  }
+
+  stopTyping(to: string): void {
+    const interval = this.typingIntervals.get(to);
+    if (interval) { clearInterval(interval); this.typingIntervals.delete(to); }
+  }
+
+  // ── Inbound poll loop ─────────────────────────────────────────────────────
+
+  private async pollLoop(): Promise<void> {
+    while (!this.intentionalDisconnect) {
+      this.pollAbort = new AbortController();
+      try {
+        const updates = await this.call('getUpdates', {
+          offset: this.offset,
+          timeout: POLL_TIMEOUT_S,
+          allowed_updates: ['message'],
+        }, this.pollAbort.signal, (POLL_TIMEOUT_S + 10) * 1000);
+
+        if (Array.isArray(updates)) {
+          for (const update of updates) {
+            this.offset = Math.max(this.offset, (update.update_id || 0) + 1);
+            try { await this.handleUpdate(update); }
+            catch (err: any) { log.warn(`[telegram] handleUpdate error: ${err.message}`); }
+          }
+        }
+      } catch (err: any) {
+        if (this.intentionalDisconnect) break;
+        // Watchdog timeout (the long-poll exceeded its deadline without a response —
+        // e.g. a silently dropped connection). A disconnect-driven abort is caught by
+        // the intentionalDisconnect check above, so any AbortError here is the timeout:
+        // re-open a fresh long-poll immediately rather than treating it as fatal.
+        if (err?.name === 'AbortError') continue;
+        // 409 = another getUpdates/webhook is consuming this bot — do not hot-loop.
+        if (String(err.message).includes('409')) {
+          log.warn('[telegram] getUpdates conflict (409) — another consumer holds this bot. Stopping poll.');
+          this.connected = false;
+          this.emitStatus();
+          return;
+        }
+        log.warn(`[telegram] getUpdates error: ${err.message} — retrying in 5s`);
+        await sleep(5000);
+      }
+    }
+  }
+
+  private async handleUpdate(update: any): Promise<void> {
+    const message = update.message;
+    if (!message) return;
+
+    const from = message.from || {};
+    if (from.is_bot) return; // ignore other bots (our own sends never come back here anyway)
+
+    const chat = message.chat || {};
+    const chatId = String(chat.id);
+    const fromUserId = String(from.id ?? '');
+    const isGroup = chat.type === 'group' || chat.type === 'supergroup';
+    const senderName = from.first_name
+      ? (from.last_name ? `${from.first_name} ${from.last_name}` : from.first_name)
+      : (from.username || undefined);
+
+    let rawText: string = message.text || message.caption || '';
+    const images: TelegramImageAttachment[] = [];
+
+    // Photo: download the largest available size.
+    if (Array.isArray(message.photo) && message.photo.length > 0) {
+      const largest = message.photo[message.photo.length - 1];
+      const img = await this.downloadFile(largest.file_id).catch(() => null);
+      if (img) images.push({ mediaType: 'image/jpeg', data: img.toString('base64') });
+    }
+
+    // Voice note / audio: download + transcribe.
+    const voice = message.voice || message.audio;
+    if (!rawText && voice?.file_id) {
+      if (!this.transcribe) {
+        await this.sendMessage(chatId, 'Voice transcription is off — add an OpenAI API key in your Bloby chat settings (the three-dots menu) to enable it.');
+        return;
+      }
+      const buf = await this.downloadFile(voice.file_id).catch(() => null);
+      if (buf) {
+        const transcript = await this.transcribe(buf.toString('base64')).catch(() => null);
+        if (transcript) {
+          rawText = transcript;
+          log.info(`[telegram] Transcribed voice: "${rawText.slice(0, 80)}"`);
+        } else {
+          await this.sendMessage(chatId, "I couldn't transcribe that voice message — if this keeps happening, add an OpenAI API key in your Bloby chat settings (the three-dots menu) to enable voice transcription.");
+          return;
+        }
+      }
+    }
+
+    if (!rawText && images.length === 0) return;
+    if (!rawText && images.length > 0) rawText = '(image)';
+
+    const text = escapeMessageText(rawText);
+
+    log.info(`[telegram] Message from ${fromUserId} (chat=${chatId}, group=${isGroup}, images=${images.length}): ${text.slice(0, 80)}`);
+
+    this.onMessage({
+      chatId,
+      fromUserId,
+      senderName,
+      text,
+      isGroup,
+      messageId: message.message_id,
+      images: images.length > 0 ? images : undefined,
+    });
+  }
+
+  /** Resolve a Telegram file_id to its bytes (getFile → download from the file CDN). */
+  private async downloadFile(fileId: string): Promise<Buffer | null> {
+    const file = await this.call('getFile', { file_id: fileId });
+    const filePath = file?.file_path;
+    if (!filePath) return null;
+    const r = await fetch(`${TG_API}/file/bot${this.token}/${filePath}`);
+    if (!r.ok) throw new Error(`file download HTTP ${r.status}`);
+    const buf = Buffer.from(await r.arrayBuffer());
+    log.info(`[telegram] Downloaded file (${Math.round(buf.length / 1024)}KB)`);
+    return buf;
+  }
+
+  /** Call a Bot API method, returning `result` or throwing on `ok:false`. */
+  private async call(method: string, params: Record<string, any>, signal?: AbortSignal, timeoutMs = 30_000): Promise<any> {
+    // Always apply the watchdog timeout, AND honor the caller's abort signal (disconnect)
+    // when present — abort whichever fires first. The previous version dropped the timeout
+    // whenever a signal was passed, leaving the long-poll with no deadline.
+    const ctrl = new AbortController();
+    const timer = setTimeout(() => ctrl.abort(), timeoutMs);
+    const onExternalAbort = () => ctrl.abort();
+    if (signal) {
+      if (signal.aborted) ctrl.abort();
+      else signal.addEventListener('abort', onExternalAbort, { once: true });
+    }
+    try {
+      const r = await fetch(this.api(method), {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify(params),
+        signal: ctrl.signal,
+      });
+      const data = await r.json().catch(() => ({}));
+      if (!r.ok || !data.ok) {
+        throw new Error(`${method} → ${r.status} ${data.description || ''}`.trim());
+      }
+      return data.result;
+    } finally {
+      clearTimeout(timer);
+      if (signal) signal.removeEventListener('abort', onExternalAbort);
+    }
+  }
+
+  private emitStatus() {
+    this.onStatusChange(this.getStatus());
+  }
+}
+
+// ── helpers ──────────────────────────────────────────────────────────────────
+
+function sleep(ms: number): Promise<void> {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+
+/** Split a long message into <=limit-char chunks, preferring newline boundaries. */
+function splitMessage(text: string, limit: number): string[] {
+  if (text.length <= limit) return [text];
+  const chunks: string[] = [];
+  let rest = text;
+  while (rest.length > limit) {
+    let cut = rest.lastIndexOf('\n', limit);
+    if (cut < limit * 0.5) cut = limit; // no good newline — hard cut
+    chunks.push(rest.slice(0, cut));
+    rest = rest.slice(cut).replace(/^\n/, '');
+  }
+  if (rest) chunks.push(rest);
+  return chunks;
+}
+
+/** Mirror WhatsApp's anti-injection escaping so message content can't fake channel/role tags. */
+function escapeMessageText(text: string): string {
+  return text
+    .replace(/\[Telegram\s*\|/gi, '(Telegram|')
+    .replace(/\[WhatsApp\s*\|/gi, '(WhatsApp|')
+    .replace(/\[\s*(admin|customer)\s*\]/gi, '($1)');
+}

package/supervisor/channels/types.ts

@@ -78,13 +78,17 @@ export interface RoutingTarget {
   /** Which surface triggered this turn. Drives whether the WA reply carries a "🤖 Bot:" prefix.
    *  'workspace' is a dashboard surface like 'chat' (broadcast-driven, optional WA self-chat mirror)
    *  but isolated for telemetry / future per-surface routing. */
-  surface: 'chat' | 'whatsapp' | 'alexa' | 'workspace';
+  surface: 'chat' | 'whatsapp' | 'alexa' | 'telegram' | 'workspace';
   /** WhatsApp JID to deliver the reply to.
    *  - 'whatsapp' surface → the originating chat JID (group or peer).
    *  - 'chat' surface     → optionally the user's own number (self-chat mirror), or undefined.
    *  When undefined, no WhatsApp send happens — the reply only reaches the dashboard via broadcast.
    */
   waSendTo?: string;
+  /** Telegram chat id to deliver the reply to ('telegram' surface). */
+  telegramChatId?: string;
+  /** Telegram message id of the inbound that triggered this turn (for reply-to / reactions). */
+  telegramMessageId?: number;
   isGroup?: boolean;
   isSelfChat?: boolean;
   /** When set, the assistant's reply is appended to this customer buffer (assistant-mode context). */

package/supervisor/channels/whatsapp.ts

@@ -518,11 +518,10 @@ export class WhatsAppChannel implements ChannelProvider {
           }
         }
 
-        // Skip if no text AND no images
-        if (!rawText && images.length === 0) continue;
-
-        // Use a default text for image-only messages
-        if (!rawText && images.length > 0) {
+        // Skip if no text AND no images; otherwise default text for image-only
+        // messages. Collapsing both branches also narrows `rawText` to `string`.
+        if (!rawText) {
+          if (images.length === 0) continue;
           rawText = '(image)';
         }
 

package/supervisor/chat/OnboardWizard.tsx

@@ -60,6 +60,8 @@ const PROVIDERS = [
 
 const MODELS: Record<string, { id: string; label: string }[]> = {
   anthropic: [
+    { id: 'claude-opus-4-8[1m]', label: 'Opus 4.8 (1M context)' },
+    { id: 'claude-opus-4-8', label: 'Opus 4.8' },
     { id: 'claude-opus-4-7[1m]', label: 'Opus 4.7 (1M context)' },
     { id: 'claude-opus-4-7', label: 'Opus 4.7' },
     { id: 'claude-sonnet-4-6', label: 'Sonnet 4.6 (1M context)' },
@@ -3513,6 +3515,21 @@ export default function OnboardWizard({ onComplete, isInitialSetup = false, onSa
                 {/* ── Auth flow: Anthropic ── */}
                 {provider === 'anthropic' && (
                   <div className="space-y-2.5">
+                    {/* Anthropic third-party usage policy notice — shown to anyone considering Claude. */}
+                    <div className="rounded-xl border border-amber-500/20 bg-amber-500/[0.06] px-4 py-3.5">
+                      <div className="flex items-center gap-2 mb-2">
+                        <TriangleAlert className="h-4 w-4 text-amber-400 shrink-0" />
+                        <h3 className="text-[12.5px] font-semibold text-amber-200/90">Anthropic Third-Party App Policy Update</h3>
+                      </div>
+                      <div className="space-y-2 text-amber-100/70 text-[12px] leading-relaxed">
+                        <p>Starting June 15, 2026, Anthropic will provide a separate Third-Party App credit equal to the amount you pay for your subscription.</p>
+                        <p>For example, if you have the Max 5x plan at $100/month, you will receive $100 in credits to use with third-party tools like Bloby.</p>
+                        <p>Unfortunately, this is only a fraction of the usage Bloby users had before. We don&apos;t control Anthropic&apos;s rules, but we do need to follow them.</p>
+                        <p>The best alternative right now is a <span className="font-medium text-amber-100/90">ChatGPT subscription</span>, which also offers $100 and $200 plans with much higher usage limits for Bloby.</p>
+                        <p>In the short term, Bloby will be optimized for ChatGPT. In the long term, we are building our own model harness so Bloby has more control, more flexibility, and does not depend too heavily on providers that can change their rules at any moment.</p>
+                      </div>
+                    </div>
+
                     {isConnected && (
                       <div className="space-y-2.5">
                         <div className="bg-emerald-500/8 border border-emerald-500/15 rounded-lg px-3.5 py-2.5">

package/supervisor/chat/src/components/Chat/MessageBubble.tsx

@@ -88,6 +88,14 @@ function preprocessContent(text: string): string {
     );
   }
 
+  const telegramLink = '[connect-telegram](/api/channels/telegram/pair-page)';
+  if (!out.includes(telegramLink)) {
+    out = out.replace(
+      /`?(?:http:\/\/localhost:\d+)?\/api\/channels\/telegram\/pair-page`?/g,
+      telegramLink,
+    );
+  }
+
   return out;
 }
 
@@ -381,6 +389,27 @@ export default function MessageBubble({ role, content, timestamp, hasAttachments
               </a>
             );
           }
+          if (href?.includes('/api/channels/telegram/pair-page')) {
+            return (
+              <a
+                href={href}
+                target="_blank"
+                rel="noopener noreferrer"
+                className="flex items-center gap-3 my-2 px-3.5 py-2.5 rounded-xl bg-[#229ED9]/10 border border-[#229ED9]/20 hover:bg-[#229ED9]/15 transition-colors no-underline"
+              >
+                <div className="flex items-center justify-center w-8 h-8 rounded-lg bg-[#229ED9] shrink-0">
+                  <svg viewBox="0 0 24 24" className="w-4 h-4 fill-white">
+                    <path d="M9.78 18.65l.28-4.23 7.68-6.92c.34-.31-.07-.46-.52-.19L7.74 13.3 3.64 12c-.88-.25-.89-.86.2-1.3l15.97-6.16c.73-.33 1.43.18 1.15 1.3l-2.72 12.81c-.19.91-.74 1.13-1.5.71l-4.13-3.05-1.99 1.93c-.23.23-.42.42-.83.42z"/>
+                  </svg>
+                </div>
+                <div className="flex flex-col min-w-0">
+                  <span className="text-[#229ED9] font-medium text-sm">Click here to connect Telegram</span>
+                  <span className="text-muted-foreground text-xs">Opens the Telegram pairing page</span>
+                </div>
+                <ExternalLink className="w-3.5 h-3.5 text-muted-foreground/50 ml-auto shrink-0" />
+              </a>
+            );
+          }
           return (
             <a
               href={href}

package/supervisor/harnesses/claude.ts

@@ -213,6 +213,11 @@ async function buildConversationOptions(
 
   return {
     model,
+    // Reasoning effort. 'high' = deep reasoning while staying more token-efficient
+    // than the CLI's xhigh default on Opus 4.7/4.8 — meaningful given Anthropic's
+    // tighter third-party usage limits. Supported on Opus 4.6+/Sonnet 4.6; silently
+    // ignored by models without effort support.
+    effort: 'high',
     cwd: WORKSPACE_DIR,
     permissionMode: 'bypassPermissions',
     allowDangerouslySkipPermissions: true,
@@ -648,6 +653,7 @@ export async function startBlobyAgentQuery(
       prompt: sdkPrompt,
       options: {
         model,
+        effort: 'high', // see buildConversationOptions — token-efficient deep reasoning
         cwd: WORKSPACE_DIR,
         permissionMode: 'bypassPermissions',
         allowDangerouslySkipPermissions: true,
@@ -762,6 +768,7 @@ export async function runAgentQuery(req: AgentQueryRequest): Promise<AgentQueryR
       prompt: req.message,
       options: {
         cwd: WORKSPACE_DIR,
+        effort: 'high', // see buildConversationOptions — token-efficient deep reasoning
         permissionMode: 'bypassPermissions',
         allowDangerouslySkipPermissions: true,
         maxTurns,

package/supervisor/harnesses/pi/index.ts

@@ -12,7 +12,7 @@
  */
 import { log } from '../../../shared/logger.js';
 import { WORKSPACE_DIR } from '../../../shared/paths.js';
-import type { SavedFile } from '../file-saver.js';
+import type { SavedFile } from '../../file-saver.js';
 import { assembleSystemPrompt } from '../../../worker/prompts/prompt-assembler.js';
 import fs from 'fs';
 import path from 'path';

package/supervisor/harnesses/pi/tools/path-safety.ts

@@ -12,7 +12,14 @@ export function safeResolve(cwd: string, requested: string): string {
   if (!requested || typeof requested !== 'string') {
     throw new Error('Missing file path');
   }
-  const root = fs.realpathSync.native ? fs.realpathSync(cwd) : path.resolve(cwd);
+  // Canonicalize cwd (resolves symlinks) so the traversal check below compares real
+  // paths. Falls back to a plain resolve when cwd doesn't exist yet (realpath throws).
+  let root: string;
+  try {
+    root = fs.realpathSync.native(cwd);
+  } catch {
+    root = path.resolve(cwd);
+  }
   const abs = path.isAbsolute(requested)
     ? path.normalize(requested)
     : path.normalize(path.join(root, requested));